Further to these there are also a lot of tutorials on the internet. Most of
them seem to focus on using Chef to deploy/manage Linux servers, but you will
have a hard time finding much on doing the same on Windows Servers (yes,
Windows as in Microsoft Windows).

I have therefore sat down and put together a detailed step-by-step walkthrough
that will guide you through installing your own Open Source Chef Server on a
Rackspace Cloud Server running CentOS 6.4, installing the knife-windows
plugin and then spinning up, bootstrapping and installing IIS on a Windows
Server 2012 Rackspace Cloud Server without logging on to it once.
Read on, if you dare...

Acknowledgements

For the simplicity of this walkthrough, I am using a single CentOS server to
act as Chef Server and Chef Workstation at the same time. I have also used the
root account on this server to get the fiddling around with su and sudo out
of the way. I am well aware that this might not be following best practices
and in a perfect world you'd be using different servers for Chef Server and
Chef Workstation and of course never log on as the root user. Further, I have
partly sanitized the output as the IP of the chef server is still in use.

I have therefore replaced all occurrences of it with <IP_ADDR>. Please just
replace that with the IP address that the nova show command is returning for
you. Having said that, let's get cracking.

Prerequisites

You will obviously need a Rackspace Cloud Account for this. If you haven't
got one yet, go sign up for it here,
which includes a 300$ developer discount.

Once you have an account, log into the Control Panel, spin up a Cloud Server
running the Linux distribution of your choice and install the novaclient on it
following these instructions
so you can spin up Cloud Servers from the command line. I called my server
nova-serv but feel free to call it whatever you like. Once that's done,
you're ready to go.

Spin up the Cloud Server instance

First of all, let's spin up a new Rackspace Cloud Server, running CentOS 6.4
with 512MB of RAM. While we're at it, let's also inject our SSH RSA public key
into the list of authorized keys for the root user.

Spin up the Windows Cloud Server we are bootstrapping later

Create a bootstrap.cmd in the current directory and put the following
content in it. Make sure to change the IP (<IP_ADDR>) and the hostname (chef-serv)
to reflect your values. Also note that there are only two lines in the file
(depending on your screen resolution the first line might wrap), with the first
line containing the two netsh commands connected with an ampersand. We will
inject this file into our Windows Server so that it will be executed after the
first boot and accomplish the following things:

Start the Windows time service (w32time)

Set the Windows time service to sync time from the uk.pool.ntp.org time servers

Sync the time (Chef is very particular about the time being correct and only allows a couple of minutes of skew between the server and the node)

Open port 5985 (winrm) on the firewall

Add an entry to the hosts file of our Windows Server, as chef-client will try and connect back to our chef-server via its name

And now boot a Cloud Server from the Windows Server 2012 image, injecting our bootstrap.cmd into the load point for files auto-executed after bootup (C:\cloud-automation\bootstrap.cmd). This will take a while longer to finish, so we leave it running while we install Chef Server and Chef Client on our chef server. We will check back on the progress later. Don't forget to take a note of the adminPass.

Install Chef Server on our CentOS server

OK, let's get onto the CentOS server we spun up above. It should be trusting our SSH key, so there is no need to enter a password.

[nico@nova-serv ~]$ ssh root@<IP_ADDR>
The authenticity of host '<IP_ADDR> (<IP_ADDR>)' can't be established.
RSA key fingerprint is d2:40:af:96:47:fa:67:ec:5c:20:b0:d5:b9:14:ae:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<IP_ADDR>' (RSA) to the list of known hosts.

OK, first of all, let's install Ruby. The latest version available via yum is 1.8.7; however, the knife-windows plugin requires at least 1.9.1, so we are going to install rvm, which will ask us to source /etc/profile.d/rvm.sh.

Once that's all been done, we need to open ports 80 (http) and 443 (https) on the host firewall so we can actually connect to our Chef Server. Don't forget to save your iptables config so it persists across a reboot.
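A quick way to confirm that the saved rules really let 80 and 443 through (an added example, not part of the original walkthrough): a stock CentOS 6 INPUT chain ends in a catch-all REJECT, so an ACCEPT rule that lands after it never matches. The helper name port_accepted and the sample rulesets are constructed for illustration.

```shell
# Added example (not from the original walkthrough). port_accepted is a
# hypothetical helper: it reads iptables-save style rules on stdin and succeeds
# only if a tcp ACCEPT rule for PORT sits in INPUT ahead of the first
# catch-all REJECT/DROP. Only plain "--dport N" rules are recognised.
port_accepted() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            # "-A INPUT -j REJECT" matches every packet: rules after it are dead.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "ACCEPT") { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample: INPUT chain as on a stock CentOS 6 install (assumed).
base_rules() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

web_rules() {
    printf '%s\n' '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' \
                  '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'
}

# Appended (iptables -A): the new rules land after the REJECT.
appended() { base_rules; web_rules; }
# Inserted (iptables -I INPUT): the new rules land at the top of the chain.
inserted() { web_rules; base_rules; }

for p in 80 443; do
    for layout in appended inserted; do
        if $layout | port_accepted "$p"; then s=reachable; else s=blocked; fi
        echo "$layout: tcp/$p $s"
    done
done
```

On the Chef server itself, feed it the file that `service iptables save` writes: `port_accepted 443 < /etc/sysconfig/iptables`.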

OK, let's do the initial configuration for knife. This will do a couple of things for us:

it will generate a knife.rb file in /root/.chef/

it will point the chef-repo to /root/chef-repo

it will create an administrative user on the chef server with the same name as the currently logged on user

it will place a pem file for that new administrative user containing the private key in /root/.chef/

Just run the below command and leave all default values as they are.

[root@chef-serv ~]# knife configure -i -r ~/chef-repo/
WARNING: No knife configuration file found
Where should I put the config file? [/root/.chef/knife.rb]
Please enter the chef server URL: [https://chef-serv:443]
Please enter a name for the new user: [root]
Please enter the existing admin name: [admin]
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem]
Creating initial API user...
Please enter a password for the new user:
Created user[root]
Configuration file written to /home/root/.chef/knife.rb

Almost there. Next up is installing knife-windows directly from its GitHub repo. For that, we will have to install a couple of necessary dependencies. After that, we'll clone the GitHub repo for knife-windows, check out a specific commit (we're doing that because the current latest version of knife-windows - 0.5.14.rc.1 - seems broken), build a gem from that code using rake and then install the gem using gem.

Done. You should now have a Chef Server running as well as the chef-client installed. On top of that, you will also have the knife windows commands. Let's quickly verify that. Note that the first command will actually throw an error but then list which Windows commands knife will understand.

Bootstrap our Windows Server with knife

Quickly log out to check on the status of our Cloud Windows Server build (I'll be back).

[root@chef-serv ~]# logout
Connection to <IP_ADDR> closed.

Ask nova if our server has finished building. As stated above, Windows Servers take considerably longer than Linux servers to build. Please also note that even if nova reports completion, it will take another few minutes until the server is actually remotely accessible, as there are quite a few post-build tasks being executed on the first boot.

Let's define a role that we can add to our server's run-list, which will then in turn install IIS on the server. Just create a file in /root/chef-repo/roles/ called iis.rb and give it the following content. Don't forget to "accept the EULA" or IIS won't install.

Add the role to our server's run-list and re-run the chef-client remotely using the knife winrm command. At this point we need to specify which attribute to use to connect to our server, as the FQDN will most likely not resolve to anything (it really depends on what you called your server, though).

That was fairly quick. You now have a Windows Server 2012 server running up in the cloud with IIS installed on it, serving web content (to be fair, only the default IIS 8 page, but it is serving content) without logging in to that server one single time. If you wanted, you could have 20 servers in the same time.

Finally, if you want to reproduce this quickly and don't really want to scroll through this document and copy-paste each command one at a time, find below a list of commands arranged in blocks, with breaks where user input or action is required. The easiest way is to just copy that into a notepad/text editor of your choice, substitute the values as you go along and copy-paste.